@tstdl/base 0.85.19 → 0.85.21
- package/.eslintrc.json +1 -0
- package/authentication/server/authentication-secret-requirements.validator.d.ts +11 -2
- package/authentication/server/authentication-secret-requirements.validator.js +10 -3
- package/authentication/server/authentication.service.d.ts +8 -1
- package/authentication/server/authentication.service.js +10 -2
- package/package.json +2 -2
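--- a/package/.eslintrc.json
+++ b/package/.eslintrc.json
@@ -26,6 +26,7 @@
 "rules": {
 /** typescript */
 "@typescript-eslint/brace-style": ["error", "stroustrup", { "allowSingleLine": true }],
+"@typescript-eslint/class-methods-use-this": ["error", { "ignoreOverrideMethods": true, "ignoreClassesThatImplementAnInterface": true }],
 "@typescript-eslint/consistent-type-definitions": "off",
 "@typescript-eslint/explicit-function-return-type": ["error", { "allowExpressions": true }],
 "@typescript-eslint/explicit-member-accessibility": ["error", { "accessibility": "no-public" }],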
@@ -1,9 +1,18 @@
|
|
|
1
1
|
import type { SecretCheckResult } from '../models/secret-check-result.model.js';
|
|
2
|
+
export type SecretTestResult = {
|
|
3
|
+
success: true;
|
|
4
|
+
reason?: undefined;
|
|
5
|
+
} | {
|
|
6
|
+
success: false;
|
|
7
|
+
reason: string;
|
|
8
|
+
};
|
|
2
9
|
export declare abstract class AuthenticationSecretRequirementsValidator {
|
|
3
|
-
abstract checkSecretRequirements(secret: string):
|
|
4
|
-
abstract
|
|
10
|
+
abstract checkSecretRequirements(secret: string): Promise<SecretCheckResult>;
|
|
11
|
+
abstract testSecretRequirements(secret: string): Promise<SecretTestResult>;
|
|
12
|
+
abstract validateSecretRequirements(secret: string): Promise<void>;
|
|
5
13
|
}
|
|
6
14
|
export declare class DefaultAuthenticationSecretRequirementsValidator extends AuthenticationSecretRequirementsValidator {
|
|
7
15
|
checkSecretRequirements(secret: string): Promise<SecretCheckResult>;
|
|
16
|
+
testSecretRequirements(secret: string): Promise<SecretTestResult>;
|
|
8
17
|
validateSecretRequirements(secret: string): Promise<void>;
|
|
9
18
|
}
|
|
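Review bot: `testSecretRequirements` is declared `abstract` on `AuthenticationSecretRequirementsValidator`, so any custom validator that extends the base class stops compiling after this patch-level update. An untyped JavaScript subclass would only fail at runtime, when `testSecret` is first called. A non-abstract default on the base class would avoid that, for example one that wraps `validateSecretRequirements` and maps a thrown requirements error to `{ success: false, reason }`. The exported `SecretTestResult` type also has no doc comment; I would add `/** Outcome of a secret policy test; reason is a human-readable message and is present only on failure. */` above it.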
@@ -43,13 +43,20 @@ let DefaultAuthenticationSecretRequirementsValidator = class DefaultAuthenticati
|
|
|
43
43
|
async checkSecretRequirements(secret) {
|
|
44
44
|
return (0, import_password_check.checkPassword)(secret, { checkForPwned: true });
|
|
45
45
|
}
|
|
46
|
-
async
|
|
46
|
+
async testSecretRequirements(secret) {
|
|
47
47
|
const result = await this.checkSecretRequirements(secret);
|
|
48
48
|
if ((0, import_type_guards.isNumber)(result.pwned) && result.pwned > 0) {
|
|
49
|
-
|
|
49
|
+
return { success: false, reason: "Password is exposed in data breach (https://haveibeenpwned.com/passwords)." };
|
|
50
50
|
}
|
|
51
51
|
if (result.strength < import_password_check_result_model.PasswordStrength.Medium) {
|
|
52
|
-
|
|
52
|
+
return { success: false, reason: "Password is too weak." };
|
|
53
|
+
}
|
|
54
|
+
return { success: true };
|
|
55
|
+
}
|
|
56
|
+
async validateSecretRequirements(secret) {
|
|
57
|
+
const result = await this.testSecretRequirements(secret);
|
|
58
|
+
if (!result.success) {
|
|
59
|
+
throw new import_secret_requirements_error.SecretRequirementsError(result.reason);
|
|
53
60
|
}
|
|
54
61
|
}
|
|
55
62
|
};
|
|
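Review bot: `testSecretRequirements` returns `{ success: true }` whenever `result.pwned` is not a number, because the first `if` only rejects a numeric count above zero. If `checkPassword` leaves `pwned` unset when the breach lookup cannot be completed (not visible in this hunk), the secret is accepted without the breach check having run, and the caller cannot tell. At minimum I would add a comment above that `if`, such as `// a non-numeric pwned means no breach count was obtained; this is treated as a pass`, and decide whether that case should be surfaced in the result. The class body starts before the hunk.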
@@ -3,6 +3,7 @@ import { afterResolve } from '../../container/index.js';
|
|
|
3
3
|
import type { Record } from '../../types.js';
|
|
4
4
|
import type { RefreshToken, SecretCheckResult, SecretResetToken, Token } from '../models/index.js';
|
|
5
5
|
import { AuthenticationCredentialsRepository } from './authentication-credentials.repository.js';
|
|
6
|
+
import type { SecretTestResult } from './authentication-secret-requirements.validator.js';
|
|
6
7
|
import { AuthenticationSecretRequirementsValidator } from './authentication-secret-requirements.validator.js';
|
|
7
8
|
import { AuthenticationSecretResetHandler } from './authentication-secret-reset.handler.js';
|
|
8
9
|
import { AuthenticationSessionRepository } from './authentication-session.repository.js';
|
|
@@ -50,6 +51,10 @@ export type TokenResult<AdditionalTokenPayload extends Record = Record<never>> =
|
|
|
50
51
|
jsonToken: Token<AdditionalTokenPayload>;
|
|
51
52
|
refreshToken: string;
|
|
52
53
|
};
|
|
54
|
+
export type SetCredentialsOptions = {
|
|
55
|
+
/** skip validation for password strength */
|
|
56
|
+
skipValidation?: boolean;
|
|
57
|
+
};
|
|
53
58
|
type CreateTokenResult<AdditionalTokenPayload extends Record> = {
|
|
54
59
|
token: string;
|
|
55
60
|
jsonToken: Token<AdditionalTokenPayload>;
|
|
@@ -79,7 +84,7 @@ export declare class AuthenticationService<AdditionalTokenPayload extends Record
|
|
|
79
84
|
constructor(credentialsRepository: AuthenticationCredentialsRepository, sessionRepository: AuthenticationSessionRepository, authenticationSecretRequirementsValidator: AuthenticationSecretRequirementsValidator, subjectResolver: AuthenticationSubjectResolver | undefined, tokenPayloadProvider: AuthenticationTokenPayloadProvider<AdditionalTokenPayload, AuthenticationData> | undefined, authenticationResetSecretHandler: AuthenticationSecretResetHandler | undefined, options: AuthenticationServiceOptions);
|
|
80
85
|
[afterResolve](): Promise<void>;
|
|
81
86
|
initialize(): Promise<void>;
|
|
82
|
-
setCredentials(subject: string, secret: string): Promise<void>;
|
|
87
|
+
setCredentials(subject: string, secret: string, options?: SetCredentialsOptions): Promise<void>;
|
|
83
88
|
authenticate(subject: string, secret: string): Promise<AuthenticationResult>;
|
|
84
89
|
getToken(subject: string, authenticationData: AuthenticationData): Promise<TokenResult<AdditionalTokenPayload>>;
|
|
85
90
|
endSession(sessionId: string): Promise<void>;
|
|
@@ -87,6 +92,8 @@ export declare class AuthenticationService<AdditionalTokenPayload extends Record
|
|
|
87
92
|
initResetSecret(subject: string): Promise<void>;
|
|
88
93
|
resetSecret(tokenString: string, newSecret: string): Promise<void>;
|
|
89
94
|
checkSecret(secret: string): Promise<SecretCheckResult>;
|
|
95
|
+
testSecret(secret: string): Promise<SecretTestResult>;
|
|
96
|
+
validateSecret(secret: string): Promise<void>;
|
|
90
97
|
validateToken(token: string): Promise<Token<AdditionalTokenPayload>>;
|
|
91
98
|
validateRefreshToken(token: string): Promise<RefreshToken>;
|
|
92
99
|
validateSecretResetToken(token: string): Promise<SecretResetToken>;
|
|
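Review bot: The doc comment on `SetCredentialsOptions.skipValidation` says it skips validation for password strength, but the flag is broader than that. In the service implementation shown on this page it skips the whole `validateSecretRequirements` call, which in the default validator also covers the breach-exposure check. I would reword it to `/** skip all secret requirement checks (strength and breach exposure); for trusted server-side callers only */` so that integrators do not assume breached passwords are still rejected.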
@@ -116,9 +116,11 @@ let AuthenticationService = class AuthenticationService2 {
|
|
|
116
116
|
this.derivedSecretResetTokenSigningSecret = this.options.secret.secretResetTokenSigningSecret;
|
|
117
117
|
}
|
|
118
118
|
}
|
|
119
|
-
async setCredentials(subject, secret) {
|
|
119
|
+
async setCredentials(subject, secret, options) {
|
|
120
120
|
const actualSubject = await this.resolveSubject(subject);
|
|
121
|
-
|
|
121
|
+
if (options?.skipValidation != true) {
|
|
122
|
+
await this.authenticationSecretRequirementsValidator.validateSecretRequirements(secret);
|
|
123
|
+
}
|
|
122
124
|
const salt = (0, import_random.getRandomBytes)(32);
|
|
123
125
|
const hash = await this.getHash(secret, salt);
|
|
124
126
|
const credentials = {
|
|
@@ -212,6 +214,12 @@ let AuthenticationService = class AuthenticationService2 {
|
|
|
212
214
|
async checkSecret(secret) {
|
|
213
215
|
return this.authenticationSecretRequirementsValidator.checkSecretRequirements(secret);
|
|
214
216
|
}
|
|
217
|
+
async testSecret(secret) {
|
|
218
|
+
return this.authenticationSecretRequirementsValidator.testSecretRequirements(secret);
|
|
219
|
+
}
|
|
220
|
+
async validateSecret(secret) {
|
|
221
|
+
return this.authenticationSecretRequirementsValidator.validateSecretRequirements(secret);
|
|
222
|
+
}
|
|
215
223
|
async validateToken(token) {
|
|
216
224
|
return (0, import_helper.getTokenFromString)(token, this.tokenVersion, this.derivedTokenSigningSecret);
|
|
217
225
|
}
|
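Review bot: In `setCredentials`, the guard `options?.skipValidation != true` uses loose inequality, so values such as `1` or `"1"` compare equal to `true` and skip the secret requirement checks. If an options object is ever built from loosely typed input, that fails open; `if (options?.skipValidation !== true) {` only skips on the literal boolean. The flag should also be set only by server-side code and never copied from a request payload. The body of `setCredentials` continues past the end of the hunk.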
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@tstdl/base",
|
|
3
|
-
"version": "0.85.
|
|
3
|
+
"version": "0.85.21",
|
|
4
4
|
"author": "Patrick Hein",
|
|
5
5
|
"publishConfig": {
|
|
6
6
|
"access": "public"
|
|
@@ -45,7 +45,7 @@
|
|
|
45
45
|
"typescript": "5.1"
|
|
46
46
|
},
|
|
47
47
|
"peerDependencies": {
|
|
48
|
-
"@elastic/elasticsearch": "^8.
|
|
48
|
+
"@elastic/elasticsearch": "^8.9",
|
|
49
49
|
"@koa/router": "^12.0",
|
|
50
50
|
"@tstdl/angular": "^0.85",
|
|
51
51
|
"@zxcvbn-ts/core": "^3.0",
|